Chief Product Security Engineer

Social network you want to login/join with:

Client: Leonardo

Location: Newcastle upon Tyne, United Kingdom

Job Category: -

EU work permit required: Yes

Job Description:

At Leonardo, we have a fantastic opportunity for a Chief Product Security Engineer to join our team within the Customer Support and Service Solutions (CS3) line of business. CS3 operates across the UK, providing innovative and invaluable support solutions to our customers. We help to ensure the availability of front-line capability wherever and whenever required.

We are looking for an experienced product security practitioner with expertise in developing and maintaining robust product security management systems for defence and government customers.

Within CS3, the term 'product' includes in-service equipment and the support solutions/services provided to customers, which are developed. The Chief Product Security Engineer will ensure that all security aspects of the design, development, verification, and maintenance of this range of products, through all phases of their lifecycle, comply with policy and process. They will work closely with development teams to provide guidance on security controls.

• Provide security advice and support to product development teams, including deriving security requirements, undertaking security risk assessments, preparing security risk mitigation plans, and reviewing Security Management plans.
• Maintain and monitor security policies.
• Produce Line of Business (LoB) security metrics.
• Manage attendance at external security forums.
• Support the Security Special Interest Group.
• Lead security incident management teams during incidents/crises with the Lead Product Security Engineer(s).

The Chief Product Security Engineer has delegated authority within the Design Integrity function, responsible for:

• Security process and competence framework maintenance and monitoring.
• Assessment of security competence per the framework.
• Chairing and maintaining a LoB security Community of Interest (CoI).
• Promoting security awareness and embedding best practices across the division.
• Training engineering teams on security frameworks, policies, and processes.
• Developing robust security risk management systems for various products and services, in line with customer, regulatory, and legislative standards.
• Familiarity with legislation such as IPA, DPA, Official Secrets Act.
• Registered NCSC Certified Professional at lead level or equivalent qualification.
• Knowledge of UK/NATO Information Assurance standards, procedures, and systems, including HMG Security Policy Framework, ISO security standards, RTCA DO326A.
• Experience with incident investigation processes.
• Practical experience with NCSC and Common Criteria security evaluation techniques up to High Grade.
• Knowledge of current cryptographic technologies, Key Management Systems, and practical COMSEC implementations.
• Experience in identifying future product security needs, delivering training, and awareness presentations.
• Awareness of product security implications related to safety.
• Excellent communication and interpersonal skills for engaging with stakeholders at all levels.
• Understanding of regulatory requirements like MAA DAOS, ARP4754.
• Ability to understand operational concepts to assess security risks and define mitigations.
• Innovative approaches to security management and regulatory buy-in.
• Active membership in external security forums or groups.

Security Clearance: Required

Life at Leonardo: We offer a funded benefits package, learning and development opportunities, and flexible working hours, including hybrid options. Benefits include private healthcare, dental schemes, Workplace ISA, Go Green Car Scheme, technology and lifestyle allowances (£500/year), 25 days holidays plus bank holidays, options to buy/sell leave, up to 12 flexi days, a pension scheme with up to 15% employer contribution, employee assistance programs, discounts, and more.